
Try fixing coturn

Malte Brandy 2020-12-20 01:26:33 +01:00
parent 90fd5f1487
commit 5798f5c473
2 changed files with 15 additions and 8 deletions


@ -3,28 +3,32 @@ let
fqdn = "${config.networking.hostName}.${config.networking.domain}";
key_dir = config.security.acme.certs."${fqdn}".directory;
in {
users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
networking.firewall = let
range = [{
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
}];
port = [ config.services.coturn.tls-listening-port ];
ports = [
config.services.coturn.listening-port
config.services.coturn.alt-listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-tls-listening-port
];
in {
allowedUDPPortRanges = range;
allowedTCPPortRanges = range;
allowedTCPPorts = port;
allowedUDPPorts = port;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
security.acme.certs.${fqdn} = {
postRun = "systemctl restart coturn.service";
};
services = {
coturn = {
enable = true;
use-auth-secret = true;
no-tcp = true;
lt-cred-mech = true;
no-cli = true;
no-tcp-relay = true;
min-port = 52000;
max-port = 52100;
@ -33,6 +37,7 @@ in {
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
"matrix/server-secrets").turn_shared_secret;
realm = fqdn;
listening-ips = [ config.m-0.hosts.hera config.m-0.hosts.hera-v4 ];
extraConfig = ''
fingerprint
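Review bot: The `ports` list opens `alt-listening-port` and `alt-tls-listening-port` in the firewall for both TCP and UDP, yet the homeserver section of this commit only advertises `listening-port` and `tls-listening-port`, so the two alt ports are exposure that no client is pointed at. I would trim it to `ports = [ config.services.coturn.listening-port config.services.coturn.tls-listening-port ];`. `allowedTCPPortRanges = range;` also looks unnecessary while `no-tcp-relay = true` is set, since relay allocations should then be UDP only. The +/- markers are lost on this page, so I am assuming the `ports` list is the new side and that `no-tcp-relay` stays. `extraConfig` continues outside the hunk, so please confirm it carries `denied-peer-ip` entries for loopback and private ranges now that more listeners are reachable.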


@ -59,9 +59,11 @@ in {
dynamic_thumbnails = true;
turn_shared_secret = config.services.coturn.static-auth-secret;
turn_uris = let
turn_server =
turns =
"turns:${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
in [ "${turn_server}?transport=udp" "${turn_server}?transport=tcp" ];
turn =
"turn:${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
in [ "${turns}?transport=udp" "${turns}?transport=tcp" "${turn}?transport=udp" "${turn}?transport=tcp" ];
turn_user_lifetime = "24h";
allow_guest_access = true;
logConfig = ''
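Review bot: The two `${turn}` entries in `turn_uris` give every client an unencrypted TURN path next to the `turns:` one, and nothing in the hunk says why the downgrade is wanted. On plain `turn:` the TURN username, which Synapse builds from the expiry time and the Matrix user ID, is visible on the wire. I would document that above the `turn =` binding, e.g. `# plain turn: is a fallback for clients that fail TLS; username (expiry:user-id) is sent in cleartext`. If `no-tcp = true` is still set in the coturn section (the side markers are lost here, so I cannot tell), `${turn}?transport=tcp` can never connect and should be dropped. With `allow_guest_access = true`, guests are also handed these credentials unless Synapse's `turn_allow_guests` is turned off.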